To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Cyb3rMaddy/ . You’ll also get 20% off an annual premium subscription. This video was sponsored by Brilliant
Best way for me to learn is standing over someones shoulder watching them do and explain what they are doing. This is the first time I've seen wireshark in action and thank you so much for how you teach this. This is also the first time I've looked at wireshark and didn't feel like I was reading gibberish. Subscribed.
@nulldnb Respectfully... This isn't really using Wireshark. Prebuilt filters should be in place. Then once on the trail of something an individual should follow the session conversation. She dipped from DNS to HTTP without looking at any other traffic while allowing all src and dst traffic. Also conveniently doesn't mention how the majority of DNS and HTTP traffic is secured. A competent professional in the industry is going to force their browser/computer to use a static DNS of their choice, and force both DNS and HTTP to be encrypted. You would be able to see the IP's... but you are not going to see the query, you are not going to see responses, you are not going to see get requests. Laura has been doing this for decades. If you want real world knowledge and applications she delivers information. If you want distractions she is not it. No such thing as a free education. www.youtube.com/@LauraChappellLab/videos
Yes, It's highly recommended to encrypt your private members (preferably with a strong password), especially when having an affair. Also remember not to choose a weak algorithm for the encryption, as that will make your protection prone to breaking and/or tearing during intense activities.
It was funny to find a folder named 'affair.' You'll laugh even harder when you hear that here in Brazil, there was almost a coup d'état, and the police found a folder called 'coup draft' on a former minister's computer, so obvious 😂😂😂😂
6:39 That 172.16 address is the attacker correct? The get request is sourced from the attacker... they would be downloading their own compromised file. Which leads me to the point the victim has to initiate a get request for the file. This DNS spoof/poison will not work unless the served page entices the victim to initiate the get request. Unless I'm missing something this has the Reedit circle jerk stench. Yeah bruh I just busted my boss at this MASSIVE convention in real time bruh.
7:07 Crazy question. Why are they noticing the IP address-operating system discrepencies AFTER the attack? Shouldn't internal IDS software filters have picked up that beforehand? This is why AI systems are going to integrated heavier into cybersecurity for preventative actions.
In that case the main in the middle it would only work if the connection is without https, am I right ? I am a software developer it might be skill issues from my side
what about bypassing ssl on android devices ssl pinning is in place do we need to bypass sslpinning to be able to capture the download from play store in mitmproxy I have a script that can merge the payload with the original apk :( that's where I am at 😢
Great analysis, thank you! A bit off-topic, but I wanted to ask: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
First time your video i watched you have unique style the way you teach or talk keep doing i have doubt; once we redirected to attacker fake website then its over, right ? all get and post req are automatically happen or we are the one making. let say in get request that zip contain malware and post request contain boss flight ticket. So goal of the attack is getting boss ticket right?.
@@AlmightyMek VPN would in fact work. To capture the packets the adversary has to be on the same networks. VPN is not the same network. To spoof/poison DNS in this fashion you have to be on the same network... VPN is not the same network.
As a non-native speaker I got stunlocked at 3:25 mins in. What's incorrect about the grammar? Is it supposed to be like "Recently, your boss..."? PLEASE HELP ME! :D
You make it sound like a simple race condition between any hacker and the dns , that it is trivial to win it. You pull a pcap file from some competition very neatly prepeared data, not showcasing any how difficult it is to set up a spoofing attack against anyone that does not sit in your lab. All to sell your ad... Boo.
thank you maddy, but we know what DNS Spoofing is, this is only because the middle school's IT program is so boring it shouldn't be a re-do of elementary school IT curriculum where you learn office for the 20th time
Müsste aber mach dir lieber keine Hoffnungen ^^ Wenn es dich antreibt zu lernen ok, die Chance ist aber gegen 0, dass sie dich aufgrund eines solchen Kommentares überhaupt wahrnimmt und wenn dann nur als Simp - Frauen im Internet sind sehr viel gewöhnt, darüber einen richtigen Kontakt aufzubauen vor allem im Ausland... eher unwahrscheinlich, sorry dir das zu sagen bro :( Wie sagte mein Vater so schön... auch andere Mütter haben schöne Töchter :) Die meisten sind zwar nicht intelligent, aber es gibt sie auch hier, bloß nicht die Hoffnung aufgeben und die Energie in etwas "reales" stecken! :)
I restraint myself from clicking the video, knowing the channel before hand and how distracted i could be by impeccable gorgeous physical beauty which make me disregard the cybersecurity knowledge and skill brought upon in the video. Which is unwise of me. Forgive me.
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Cyb3rMaddy/ . You’ll also get 20% off an annual premium subscription.
This video was sponsored by Brilliant
*NO.*
Super interesting thankkk youuuu
Best way for me to learn is standing over someones shoulder watching them do and explain what they are doing. This is the first time I've seen wireshark in action and thank you so much for how you teach this.
This is also the first time I've looked at wireshark and didn't feel like I was reading gibberish. Subscribed.
So glad to hear!! This feedback means a lot. Thank you!!
Same here. Thanks 🗿
@nulldnb Respectfully... This isn't really using Wireshark. Prebuilt filters should be in place. Then once on the trail of something an individual should follow the session conversation. She dipped from DNS to HTTP without looking at any other traffic while allowing all src and dst traffic. Also conveniently doesn't mention how the majority of DNS and HTTP traffic is secured. A competent professional in the industry is going to force their browser/computer to use a static DNS of their choice, and force both DNS and HTTP to be encrypted. You would be able to see the IP's... but you are not going to see the query, you are not going to see responses, you are not going to see get requests.
Laura has been doing this for decades. If you want real world knowledge and applications she delivers information. If you want distractions she is not it. No such thing as a free education.
www.youtube.com/@LauraChappellLab/videos
@@RunsOnRustYes, she will most certainly not be a distraction
Great one Maddy! Love the Wireshark breakdown as it is interesting how they were able to get their DNS in before the Google DNS.
So... if I'm gonna have an affair, I'd better use protection?
You gonna get PWND
@@Zeroduckies😂
😂
use Latex not condom 😂😂
Yes, It's highly recommended to encrypt your private members (preferably with a strong password), especially when having an affair. Also remember not to choose a weak algorithm for the encryption, as that will make your protection prone to breaking and/or tearing during intense activities.
i can already hear all the smartys shouting "ThEn UsE DnS oVeR HTTPS!!11"
It was funny to find a folder named 'affair.' You'll laugh even harder when you hear that here in Brazil, there was almost a coup d'état, and the police found a folder called 'coup draft' on a former minister's computer, so obvious 😂😂😂😂
Keep up the great work Maddy. Thanks for sharing your knowledge.
Man, pulling that kind of shit is *typical* Pete Gallaway.
This was funny and educational! Great combo. I immediately changed my folder titles after seeing this, blatantly suss stuff.
Oh, great, my favorite cybersecurity blogger!
Nice ❤ More incident analysis for other scenarios please
6:39 That 172.16 address is the attacker correct? The get request is sourced from the attacker... they would be downloading their own compromised file. Which leads me to the point the victim has to initiate a get request for the file. This DNS spoof/poison will not work unless the served page entices the victim to initiate the get request.
Unless I'm missing something this has the Reedit circle jerk stench. Yeah bruh I just busted my boss at this MASSIVE convention in real time bruh.
7:07
Crazy question.
Why are they noticing the IP address-operating system discrepencies AFTER the attack?
Shouldn't internal IDS software filters have picked up that beforehand?
This is why AI systems are going to integrated heavier into cybersecurity
for preventative actions.
would like to see this from attacker pov and how they execute it
These kinds of script I wrote 5 years ago. Idk why people cry FED FED FED Over this person with these script kitty skills.
So you skipped the scriptkid phase huh?
@mczen84 I've been researching in infosec before you were even born kid.
@@mczen84 bro is too good for us.
amazing channel, glad we've found it
In that case the main in the middle it would only work if the connection is without https, am I right ? I am a software developer it might be skill issues from my side
Wow she is getting sponsors now yayy!!
Solution: Pi-hole and Unbound.
I didn't get one fact, how did attacker inject the DNS server? Is it possible to register the same domain with two different IP addresses?
Yeah. In fact, it's very common. It assures redundancy.
what about bypassing ssl on android devices ssl pinning is in place do we need to bypass sslpinning to be able to capture the download from play store in mitmproxy I have a script that can merge the payload with the original apk :( that's where I am at 😢
I fall in love with this channel 💕💕
well if some one click 15 warning popups away telling the site uses a wrong certificate
Great analysis, thank you! A bit off-topic, but I wanted to ask: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
Love to see a video of under the hood of alphafold
Doesn't burpsuite do this too?
Good tuturial❤❤
First time your video i watched you have unique style the way you teach or talk keep doing i have doubt; once we redirected to attacker fake website then its over, right ? all get and post req are automatically happen or we are the one making. let say in get request that zip contain malware and post request contain boss flight ticket. So goal of the attack is getting boss ticket right?.
ASMR cyber sec content right here. Keep it up Mrs.
lol are you from New Jersey? sorta sounds like it around 3:46 or so
"Smile. You're on camera"
What camera? 👀
FBI
Also can you let me know where you downloaded this PCAP file from ? Is this like a lab activity or something?
url is visible in the video after 3:02
subscribed from Ethiopia!!!!
Another tech youtuber??? Sign me up! Yes Ive learned dns is a scary tool when your not watching it
Thanks for the informative video Fam, 🎉
Thanks for the informative video's 😀😀
can you make a video about how to start hacker journey or bounty bug really need a guide for it .
Did you guys realized, it's ALWAYS DNS?
Great food on that region, including Bells and spices.
You're having an affair? Those packets will get you. Can't hide!!
Brilliant analysis 😊
can you please teach us how to send malware just for educational purposes?
nice job explaining the trace..
so, using a VPN is also a good security measure here, right?
A public VPN provider, (assuming) doesn’t protect you from downloading malware.
You should usually not ignore certificate warnings for public websites
@@AlmightyMek VPN would in fact work. To capture the packets the adversary has to be on the same networks. VPN is not the same network. To spoof/poison DNS in this fashion you have to be on the same network... VPN is not the same network.
Awesome video!
iT seems your video has quitted at about 1:42, maybe it's my client
So he didn't even get to Ninja
I LOVE YOUR KIRBY
This shit is Comedy haha!Hellyeahh! MerryChrismas World (:
😮😮😮😮😮...amazing tutorial! New subscriiber to the YT channel, hope 2 see more content!
As a non-native speaker I got stunlocked at 3:25 mins in. What's incorrect about the grammar? Is it supposed to be like "Recently, your boss..."? PLEASE HELP ME! :D
You're correct! It should say "recently" instead of "lately".
Ok, è una challenge, quindi una prova, ma non capisco una cosa, come hai fatto capire che l'altro è il reale IP?
You got a haircut! Nice
Beaty as always 🎉
Is that request http or https? 7:30
You are very intelligent 🙇🏻
3:52 Pete Galloway based
Where are the PsyOp comments?
best explanition ever ❤
Simp
Great work.
GEILE MAUS !
beautifull blue team 💙
Though I have some ideas
Don't use Mac. Got it thanks 👍
Great video. Thanks girl. Cool to see more girls in the game. We men have f--ked enough shit up
Thank you.
So a malware tutorial
Парень тебе нужен, а не вот это вот всё 😂
the best
Papi rompiste
Dns ....diaxxas😢😢❤😆😆😆❤
OK 👍
This is cool.
❤ Какая Симпатичная девушка!!!👍👍👍💯🥰💐💐💐💐💐💐💐💐💐💐💐💐💐
you are a cat
wow, so much criminal, so much hacker
You make it sound like a simple race condition between any hacker and the dns , that it is trivial to win it. You pull a pcap file from some competition very neatly prepeared data, not showcasing any how difficult it is to set up a spoofing attack against anyone that does not sit in your lab. All to sell your ad... Boo.
Yeah sure bro, but this is more like a showcase/introduction for the less experienced, I think
@JanSoltan-wj1hs opinions are still allowed to have to some degree, unless we talking about jews. but i still think its an ad.
Maddy with some lipstick turns into a baddie
Lmao, Underrated comment
Maddy you are so beautiful ❤❤❤❤❤❤
I thought hopeless simping was haram or some shi
Or a sin, whatever
Cool!
This woman turned on the PC herself yet.
don't have an affair is the easier option lol
She's so gorgeous🤫
😱🧑💻🦈🌎‼
She kinda talks like Mitch Hedberg.
I used to like OpSec. I still do. But, I used to too
lol
She used to talk like Mitch, she still does but she used to too.
hack
thank you maddy, but we know what DNS Spoofing is, this is only because the middle school's IT program is so boring it shouldn't be a re-do of elementary school IT curriculum where you learn office for the 20th time
u single? :''D
Müsste aber mach dir lieber keine Hoffnungen ^^
Wenn es dich antreibt zu lernen ok, die Chance ist aber gegen 0, dass sie dich aufgrund eines solchen Kommentares überhaupt wahrnimmt und wenn dann nur als Simp - Frauen im Internet sind sehr viel gewöhnt, darüber einen richtigen Kontakt aufzubauen vor allem im Ausland... eher unwahrscheinlich, sorry dir das zu sagen bro :(
Wie sagte mein Vater so schön... auch andere Mütter haben schöne Töchter :)
Die meisten sind zwar nicht intelligent, aber es gibt sie auch hier, bloß nicht die Hoffnung aufgeben und die Energie in etwas "reales" stecken! :)
@@MrArkaneMage komplimente machen ist also etwas schlechtes, traurige welt in der du lebst. tut mir leid für dich D:
@@SomeOne-mw8zl dann hab ich deinen Kommentar wohl missverstanden, sieht für mich nicht nach einem Kompliment, sondern nach Anbiederei aus :D
Damn Germans smh
@@sadasow2670 thats wacist
I restraint myself from clicking the video, knowing the channel before hand and how distracted i could be by impeccable gorgeous physical beauty which make me disregard the cybersecurity knowledge and skill brought upon in the video. Which is unwise of me. Forgive me.
mm, hot network nerd. the apex of digital age.
Gorgeousness
My wife left me
@faza google chrome 😮😮❤